Veeam Products Multiple Vulnerabilities

Release Date: 12 Nov 2024

RISK: Extremely High Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities were identified in Veeam products. A remote attacker could exploit these vulnerabilities to trigger elevation of privilege, remote code execution, data manipulation, security restriction bypass and sensitive information disclosure on the targeted system.

Note:

CVE-2024-40711 is being exploited in the wild. The vulnerability is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to trigger remote code execution. 


Impact

  • Information Disclosure
  • Security Restriction Bypass
  • Elevation of Privilege
  • Data Manipulation
  • Remote Code Execution

System / Technologies affected

  • Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds
  • Veeam Agent for Linux 6.1.2.1781 and all earlier version 6 builds
  • Veeam ONE 12.1.0.3208 and all earlier version 12 builds
  • Veeam Service Provider Console 8.0.0.19552 and all earlier version 8 and version 7 builds
  • Veeam Backup for Nutanix AHV Plug-In 12.5.1.8 and all earlier version 12 builds
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In 12.4.1.45 and all earlier version 12 builds
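
One way to check an asset inventory against the affected-build list above (an added example, not from the advisory or from Veeam). It reads each entry as "this build or any earlier build of the named major versions"; the status labels, host names and installed builds in the sample inventory are constructed.

```python
# Added example: triage an inventory against the advisory's affected-build list.
# Ceilings and major versions are copied from the list above; the rest is constructed.
AFFECTED = {
    "Veeam Backup & Replication": ("12.1.2.172", {12}),
    "Veeam Agent for Linux": ("6.1.2.1781", {6}),
    "Veeam ONE": ("12.1.0.3208", {12}),
    "Veeam Service Provider Console": ("8.0.0.19552", {7, 8}),
    "Veeam Backup for Nutanix AHV Plug-In": ("12.5.1.8", {12}),
    "Veeam Backup for Oracle Linux Virtualization Manager and "
    "Red Hat Virtualization Plug-In": ("12.4.1.45", {12}),
}

def parse_build(text):
    """'12.1.2.172' -> (12, 1, 2, 172); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted build number: {text!r}")
    return tuple(int(p) for p in parts)

def classify(product, build):
    if product not in AFFECTED:
        return "not-in-advisory"
    ceiling_text, majors = AFFECTED[product]
    try:
        installed = parse_build(build)
    except ValueError:
        return "unparseable"          # e.g. a patch suffix: needs a manual look
    if installed[0] not in majors:
        return "major-not-listed"     # the advisory makes no statement here
    ceiling = parse_build(ceiling_text)
    width = max(len(installed), len(ceiling))
    pad = lambda v: v + (0,) * (width - len(v))   # compare '6.1' as 6.1.0.0
    return "affected" if pad(installed) <= pad(ceiling) else "above-listed-build"

def triage(inventory):
    results = [(host, classify(product, build)) for host, product, build in inventory]
    return [(h, s) for h, s in results if s != "above-listed-build"]

SAMPLE_INVENTORY = [  # constructed hosts and builds
    ("bkp01", "Veeam Backup & Replication", "12.1.2.172"),
    ("bkp02", "Veeam Backup & Replication", "12.9.0.1"),
    ("bkp03", "Veeam Backup & Replication", "11.0.0.1"),
    ("vspc01", "Veeam Service Provider Console", "7.0.0.100"),
    ("lnx01", "Veeam Agent for Linux", "6.1"),
    ("one01", "Veeam ONE", "12.1.0.3208 P1"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as `major-not-listed` or `unparseable` are kept in the output because the list above says nothing about them either way, so they need a manual check against the vendor's notice.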

Solutions

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link